Respond Service & Maintain Ltd (“RSM”) provides fuel maintenance services across the UK to both commercial and public sector customers. As a responsible company it is our duty to ensure that all of the activities we conduct are in accordance with both British and European Law to protect our customers, our prospective customers, our staff members and our company as a whole.
Data Processing, Storage and Security
The following Privacy and Data Security Policy has been written in accordance with The Privacy and Electronic Communications (EC Directive) Regulations 2003 and the new EU General Data Protection Regulations 2018.
What data do we process?
Respond Service & Maintain Ltd we collect and process a wide range of data for the purpose of the sale and supply of liquid fuel product services and associated equipment to comply with legal obligations and to improve our products and services.
Some of this data we process is classified as personal data as it is used to identify an individual.
The types of data we store include:
- Contact information (name, telephone, email etc)
- Address information
- Historical transactional information
- Financial information (e.g. Credit information and information required for direct debits)
During our marketing activities we regularly follow a process to remove “old” and “bad” data which either a) holds no purpose or b) is incorrect. This includes “bounced” email addresses.
At RSM Ltd we do not store what is commonly classed as “sensitive personal data” such as religious beliefs, trade union membership, political options, genetic data, biometric data or data relating to an individual’s sexual orientation.
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
Why do we store this data?
We store enough data to be able to operate our business. We do not store needless data such as a customer’s birth date or detailed information on their type of residence etc as this is not necessary to carry out our activities. At a quarterly meeting we review the data that we store and decide if the stored/processed data is still necessary.
How long do we hold data?
Prospective customer data is deactivated when the data processor identifies that there is not an opportunity for the sale of our goods.
How do we keep this data secure?
Our systems are protected by a double firewall and our on premise server is kept in a locked environment, the only member of staff to have access to this environment is our Technical Manager and our Commercial Director.
Excluding company directors and managers, staff are unable to access our transactional systems both remotely and outside of set company hours.
All staff passwords are changed on a regular basis to keep an individuals system secure and staff members are instructed not to share their password with any other member of staff.
We have initiated a policy to ensure that all equipment that can be updated with the latest security protocols (provided by Microsoft and other vendors) are regularly kept updated.
A continuously updated log of all of our core ICT equipment which can access data is kept. This log includes the make, model and serial number of all of these devices and includes such things as laptops, servers, mobile phones etc.
In relation to the transfer of data, under no circumstances do share our database to any third party for third party sales and marketing purposes unless explicitly agreed by the data subject.
All of the websites at RSM Ltd (and the wider group of companies) all have a Secure Sockets Layer (SSL) level of encryption.
We recognise that one of the easiest ways to fall fowl of proper data security is at a humans hand. With this in mind staff are trained to understand the importance of data security and how to perform their duties in a secure way.
This web site uses session cookies to allow you to carry information across pages of our site and avoid having to re-enter information. These cookies expire at the end of your visit to our web site. You have the ability to accept or decline cookies by modifying the settings in your browser. However, you may not be able to use all the interactive features of our site if cookies are disabled.
You can choose to have your computer warn you each time a cookie is being sent, or you can choose to turn off all cookies. You do this through your browser (like Google Chrome, Netscape Navigator, FireFox, Microsoft Edge or Internet Explorer) settings. Each browser is a little different, so look at your browser Help menu to learn the correct way to modify your cookies. If you turn cookies off, you may not have access to some features that make your experience on our website more efficient and some of our services may not function properly.
We may collect some information about you using web technology, so it may not be readily apparent to you that it is being collected. For instance, when you come to our site your IP address is collected so that we know where to send information you are requesting (web pages). An IP address is often associated with the place from which you enter the Internet like your ISP (Internet service provider), your company, or your school. This information is not personally identifiable.
What is our lawful basis to process this data?
The existing customer data that we process is done so under a combination of the “fulfilment of contract”, “consent of the individual” and “legitimate interest”.
Prospective customers’ data is processed by either “consent of the individual” or “legitimate interest”.
Data Subjects Rights
How can your data be updated or amended?
At RSM Ltd we want to make sure that the information we process on a data subject is accurate. If a data subject wishes to update their data (for example, with a new contact number or a change of surname) this can be done with ease by contacting our Head Office.
The right to be forgotten
A key part of the new General Data Protection Regulations is “the right to be forgotten”. Due to our HMRC obligations we have interpreted this part of the legislation as an in essence “full unsubscribe” for customers. This means the “closing of an account” and the cessation of all further sales and marketing activities.
Throughout all of our digital marketing activities we make the ability to unsubscribe from further communications readily available. It is not our companies desire to provide sales and marketing messaging to individuals who do not wish to receive it.
If you have a question about this privacy and data security policy you can contact our Information Officer by the following methods:
Telephone: 01422 291277